diff --git a/src/auth.c b/src/auth.c index 172a4b2..7be1613 100644 --- a/src/auth.c +++ b/src/auth.c @@ -210,7 +210,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n if (local_query || in_zone(zone, intr->name, NULL)) { found = 1; - log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL); + log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL, 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, NULL, T_PTR, C_IN, "d", intr->name)) @@ -234,7 +234,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n strcat(name, "."); strcat(name, zone->domain); } - log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid)); + log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid), 0); found = 1; if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, NULL, @@ -243,7 +243,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n } else if (crecp->flags & (F_DHCP | F_HOSTS) && (local_query || in_zone(zone, name, NULL))) { - log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid)); + log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid), 0); found = 1; if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, NULL, @@ -257,7 +257,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n if (!found && is_rev_synth(flag, &addr, name) && (local_query || in_zone(zone, name, NULL))) { - log_query(F_CONFIG | F_REVERSE | flag, name, &addr, NULL); + log_query(F_CONFIG | F_REVERSE | flag, name, &addr, NULL, 0); found = 1; if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, @@ -269,7 +269,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n if (found) nxdomain = 0; else - log_query(flag | F_NEG | F_NXDOMAIN | F_REVERSE | (auth ? F_AUTH : 0), NULL, &addr, NULL); + log_query(flag | F_NEG | F_NXDOMAIN | F_REVERSE | (auth ? F_AUTH : 0), NULL, &addr, NULL, 0); continue; } @@ -300,7 +300,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n if (rc == 2 && qtype == T_MX) { found = 1; - log_query(F_CONFIG | F_RRNAME, name, NULL, ""); + log_query(F_CONFIG | F_RRNAME, name, NULL, "", 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, NULL, T_MX, C_IN, "sd", rec->weight, rec->target)) anscount++; @@ -315,7 +315,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n if (rc == 2 && qtype == T_SRV) { found = 1; - log_query(F_CONFIG | F_RRNAME, name, NULL, ""); + log_query(F_CONFIG | F_RRNAME, name, NULL, "", 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, NULL, T_SRV, C_IN, "sssd", rec->priority, rec->weight, rec->srvport, rec->target)) @@ -349,7 +349,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n if (rc == 2 && txt->class == qtype) { found = 1; - log_query(F_CONFIG | F_RRNAME, name, NULL, querystr(NULL, txt->class)); + log_query(F_CONFIG | F_RRNAME, name, NULL, NULL, txt->class); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, NULL, txt->class, C_IN, "t", txt->len, txt->txt)) anscount++; @@ -363,7 +363,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n if (rc == 2 && qtype == T_TXT) { found = 1; - log_query(F_CONFIG | F_RRNAME, name, NULL, ""); + log_query(F_CONFIG | F_RRNAME, name, NULL, "", 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, NULL, T_TXT, C_IN, "t", txt->len, txt->txt)) anscount++; @@ -377,7 +377,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n if (rc == 2 && qtype == T_NAPTR) { found = 1; - log_query(F_CONFIG | F_RRNAME, name, NULL, ""); + log_query(F_CONFIG | F_RRNAME, name, NULL, "", 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, NULL, T_NAPTR, C_IN, "sszzzd", na->order, na->pref, na->flags, na->services, na->regexp, na->replace)) @@ -407,7 +407,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n continue; found = 1; - log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL); + log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL, 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, NULL, qtype, C_IN, qtype == T_A ? "4" : "6", &addrlist->addr)) @@ -420,7 +420,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n found = 1; nxdomain = 0; - log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL); + log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL, 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, NULL, qtype, C_IN, qtype == T_A ? "4" : "6", &addr)) anscount++; @@ -434,7 +434,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n { auth = soa = 1; /* inhibits auth section */ found = 1; - log_query(F_RRNAME | F_AUTH, zone->domain, NULL, ""); + log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "", 0); } else if (qtype == T_AXFR) { @@ -471,14 +471,14 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n axfr = 1; found = 1; axfroffset = nameoffset; - log_query(F_RRNAME | F_AUTH, zone->domain, NULL, ""); + log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "", 0); } else if (qtype == T_NS) { auth = 1; ns = 1; /* inhibits auth section */ found = 1; - log_query(F_RRNAME | F_AUTH, zone->domain, NULL, ""); + log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "", 0); } } @@ -496,7 +496,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n (local_query || filter_zone(zone, flag, &(crecp->addr)))) { *cut = '.'; /* restore domain part */ - log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid)); + log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid), 0); *cut = 0; /* remove domain part */ found = 1; if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, @@ -518,7 +518,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n nxdomain = 0; if ((crecp->flags & flag) && (local_query || filter_zone(zone, flag, &(crecp->addr)))) { - log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid)); + log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid), 0); found = 1; if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, NULL, qtype, C_IN, @@ -566,7 +566,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n if (candidate) { - log_query(F_CONFIG | F_CNAME, name, NULL, NULL); + log_query(F_CONFIG | F_CNAME, name, NULL, NULL, 0); strcpy(name, candidate->target); if (!strchr(name, '.')) { @@ -584,7 +584,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n else if (cache_find_non_terminal(name, now)) nxdomain = 0; - log_query(flag | F_NEG | (nxdomain ? F_NXDOMAIN : 0) | F_FORWARD | F_AUTH, name, NULL, NULL); + log_query(flag | F_NEG | (nxdomain ? F_NXDOMAIN : 0) | F_FORWARD | F_AUTH, name, NULL, NULL, 0); } } @@ -892,7 +892,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n header->nscount = htons(0); addr.log.rcode = REFUSED; addr.log.ede = EDE_NOT_AUTH; - log_query(F_UPSTREAM | F_RCODE, "error", &addr, NULL); + log_query(F_UPSTREAM | F_RCODE, "error", &addr, NULL, 0); return resize_packet(header, ansp - (unsigned char *)header, NULL, 0); } diff --git a/src/cache.c b/src/cache.c index 8add610..b3b3c7c 100644 --- a/src/cache.c +++ b/src/cache.c @@ -30,50 +30,100 @@ static struct crec *really_insert(char *name, union all_addr *addr, unsigned sho time_t now, unsigned long ttl, unsigned int flags); /* type->string mapping: this is also used by the name-hash function as a mixing table. */ +/* taken from https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml */ static const struct { unsigned int type; const char * const name; } typestr[] = { - { 1, "A" }, - { 2, "NS" }, - { 5, "CNAME" }, - { 6, "SOA" }, - { 10, "NULL" }, - { 11, "WKS" }, - { 12, "PTR" }, - { 13, "HINFO" }, - { 15, "MX" }, - { 16, "TXT" }, - { 22, "NSAP" }, - { 23, "NSAP_PTR" }, - { 24, "SIG" }, - { 25, "KEY" }, - { 28, "AAAA" }, - { 29, "LOC" }, - { 33, "SRV" }, - { 35, "NAPTR" }, - { 36, "KX" }, - { 37, "CERT" }, - { 38, "A6" }, - { 39, "DNAME" }, - { 41, "OPT" }, - { 43, "DS" }, - { 46, "RRSIG" }, - { 47, "NSEC" }, - { 48, "DNSKEY" }, - { 50, "NSEC3" }, - { 51, "NSEC3PARAM" }, - { 52, "TLSA" }, - { 53, "SMIMEA" }, - { 55, "HIP" }, - { 249, "TKEY" }, - { 250, "TSIG" }, - { 251, "IXFR" }, - { 252, "AXFR" }, - { 253, "MAILB" }, - { 254, "MAILA" }, - { 255, "ANY" }, - { 257, "CAA" } + { 1, "A" }, /* a host address [RFC1035] */ + { 2, "NS" }, /* an authoritative name server [RFC1035] */ + { 3, "MD" }, /* a mail destination (OBSOLETE - use MX) [RFC1035] */ + { 4, "MF" }, /* a mail forwarder (OBSOLETE - use MX) [RFC1035] */ + { 5, "CNAME" }, /* the canonical name for an alias [RFC1035] */ + { 6, "SOA" }, /* marks the start of a zone of authority [RFC1035] */ + { 7, "MB" }, /* a mailbox domain name (EXPERIMENTAL) [RFC1035] */ + { 8, "MG" }, /* a mail group member (EXPERIMENTAL) [RFC1035] */ + { 9, "MR" }, /* a mail rename domain name (EXPERIMENTAL) [RFC1035] */ + { 10, "NULL" }, /* a null RR (EXPERIMENTAL) [RFC1035] */ + { 11, "WKS" }, /* a well known service description [RFC1035] */ + { 12, "PTR" }, /* a domain name pointer [RFC1035] */ + { 13, "HINFO" }, /* host information [RFC1035] */ + { 14, "MINFO" }, /* mailbox or mail list information [RFC1035] */ + { 15, "MX" }, /* mail exchange [RFC1035] */ + { 16, "TXT" }, /* text strings [RFC1035] */ + { 17, "RP" }, /* for Responsible Person [RFC1183] */ + { 18, "AFSDB" }, /* for AFS Data Base location [RFC1183][RFC5864] */ + { 19, "X25" }, /* for X.25 PSDN address [RFC1183] */ + { 20, "ISDN" }, /* for ISDN address [RFC1183] */ + { 21, "RT" }, /* for Route Through [RFC1183] */ + { 22, "NSAP" }, /* for NSAP address, NSAP style A record [RFC1706] */ + { 23, "NSAP_PTR" }, /* for domain name pointer, NSAP style [RFC1348][RFC1637][RFC1706] */ + { 24, "SIG" }, /* for security signature [RFC2535][RFC2536][RFC2537][RFC2931][RFC3008][RFC3110][RFC3755][RFC4034] */ + { 25, "KEY" }, /* for security key [RFC2535][RFC2536][RFC2537][RFC2539][RFC3008][RFC3110][RFC3755][RFC4034] */ + { 26, "PX" }, /* X.400 mail mapping information [RFC2163] */ + { 27, "GPOS" }, /* Geographical Position [RFC1712] */ + { 28, "AAAA" }, /* IP6 Address [RFC3596] */ + { 29, "LOC" }, /* Location Information [RFC1876] */ + { 30, "NXT" }, /* Next Domain (OBSOLETE) [RFC2535][RFC3755] */ + { 31, "EID" }, /* Endpoint Identifier [Michael_Patton][http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt] 1995-06*/ + { 32, "NIMLOC" }, /* Nimrod Locator [1][Michael_Patton][http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt] 1995-06*/ + { 33, "SRV" }, /* Server Selection [1][RFC2782] */ + { 34, "ATMA" }, /* ATM Address [ ATM Forum Technical Committee, "ATM Name System, V2.0", Doc ID: AF-DANS-0152.000, July 2000. Available from and held in escrow by IANA.] */ + { 35, "NAPTR" }, /* Naming Authority Pointer [RFC2168][RFC2915][RFC3403] */ + { 36, "KX" }, /* Key Exchanger [RFC2230] */ + { 37, "CERT" }, /* CERT [RFC4398] */ + { 38, "A6" }, /* A6 (OBSOLETE - use AAAA) [RFC2874][RFC3226][RFC6563] */ + { 39, "DNAME" }, /* DNAME [RFC6672] */ + { 40, "SINK" }, /* SINK [Donald_E_Eastlake][http://tools.ietf.org/html/draft-eastlake-kitchen-sink] 1997-11*/ + { 41, "OPT" }, /* OPT [RFC3225][RFC6891] */ + { 42, "APL" }, /* APL [RFC3123] */ + { 43, "DS" }, /* Delegation Signer [RFC3658][RFC4034] */ + { 44, "SSHFP" }, /* SSH Key Fingerprint [RFC4255] */ + { 45, "IPSECKEY" }, /* IPSECKEY [RFC4025] */ + { 46, "RRSIG" }, /* RRSIG [RFC3755][RFC4034] */ + { 47, "NSEC" }, /* NSEC [RFC3755][RFC4034][RFC9077] */ + { 48, "DNSKEY" }, /* DNSKEY [RFC3755][RFC4034] */ + { 49, "DHCID" }, /* DHCID [RFC4701] */ + { 50, "NSEC3" }, /* NSEC3 [RFC5155][RFC9077] */ + { 51, "NSEC3PARAM" }, /* NSEC3PARAM [RFC5155] */ + { 52, "TLSA" }, /* TLSA [RFC6698] */ + { 53, "SMIMEA" }, /* S/MIME cert association [RFC8162] SMIMEA/smimea-completed-template 2015-12-01*/ + { 55, "HIP" }, /* Host Identity Protocol [RFC8005] */ + { 56, "NINFO" }, /* NINFO [Jim_Reid] NINFO/ninfo-completed-template 2008-01-21*/ + { 57, "RKEY" }, /* RKEY [Jim_Reid] RKEY/rkey-completed-template 2008-01-21*/ + { 58, "TALINK" }, /* Trust Anchor LINK [Wouter_Wijngaards] TALINK/talink-completed-template 2010-02-17*/ + { 59, "CDS" }, /* Child DS [RFC7344] CDS/cds-completed-template 2011-06-06*/ + { 60, "CDNSKEY" }, /* DNSKEY(s) the Child wants reflected in DS [RFC7344] 2014-06-16*/ + { 61, "OPENPGPKEY" }, /* OpenPGP Key [RFC7929] OPENPGPKEY/openpgpkey-completed-template 2014-08-12*/ + { 62, "CSYNC" }, /* Child-To-Parent Synchronization [RFC7477] 2015-01-27*/ + { 63, "ZONEMD" }, /* Message Digest Over Zone Data [RFC8976] ZONEMD/zonemd-completed-template 2018-12-12*/ + { 64, "SVCB" }, /* Service Binding [draft-ietf-dnsop-svcb-https-00] SVCB/svcb-completed-template 2020-06-30*/ + { 65, "HTTPS" }, /* HTTPS Binding [draft-ietf-dnsop-svcb-https-00] HTTPS/https-completed-template 2020-06-30*/ + { 99, "SPF" }, /* [RFC7208] */ + { 100, "UINFO" }, /* [IANA-Reserved] */ + { 101, "UID" }, /* [IANA-Reserved] */ + { 102, "GID" }, /* [IANA-Reserved] */ + { 103, "UNSPEC" }, /* [IANA-Reserved] */ + { 104, "NID" }, /* [RFC6742] ILNP/nid-completed-template */ + { 105, "L32" }, /* [RFC6742] ILNP/l32-completed-template */ + { 106, "L64" }, /* [RFC6742] ILNP/l64-completed-template */ + { 107, "LP" }, /* [RFC6742] ILNP/lp-completed-template */ + { 108, "EUI48" }, /* an EUI-48 address [RFC7043] EUI48/eui48-completed-template 2013-03-27*/ + { 109, "EUI64" }, /* an EUI-64 address [RFC7043] EUI64/eui64-completed-template 2013-03-27*/ + { 249, "TKEY" }, /* Transaction Key [RFC2930] */ + { 250, "TSIG" }, /* Transaction Signature [RFC8945] */ + { 251, "IXFR" }, /* incremental transfer [RFC1995] */ + { 252, "AXFR" }, /* transfer of an entire zone [RFC1035][RFC5936] */ + { 253, "MAILB" }, /* mailbox-related RRs (MB, MG or MR) [RFC1035] */ + { 254, "MAILA" }, /* mail agent RRs (OBSOLETE - see MX) [RFC1035] */ + { 255, "ANY" }, /* A request for some or all records the server has available [RFC1035][RFC6895][RFC8482] */ + { 256, "URI" }, /* URI [RFC7553] URI/uri-completed-template 2011-02-22*/ + { 257, "CAA" }, /* Certification Authority Restriction [RFC8659] CAA/caa-completed-template 2011-04-07*/ + { 258, "AVC" }, /* Application Visibility and Control [Wolfgang_Riedel] AVC/avc-completed-template 2016-02-26*/ + { 259, "DOA" }, /* Digital Object Architecture [draft-durand-doa-over-dns] DOA/doa-completed-template 2017-08-30*/ + { 260, "AMTRELAY" }, /* Automatic Multicast Tunneling Relay [RFC8777] AMTRELAY/amtrelay-completed-template 2019-02-06*/ + { 32768, "TA" }, /* DNSSEC Trust Authorities [Sam_Weiler][http://cameo.library.cmu.edu/][ Deploying DNSSEC Without a Signed Root. Technical Report 1999-19, Information Networking Institute, Carnegie Mellon University, April 2004.] 2005-12-13*/ + { 32769, "DLV" }, /* DNSSEC Lookaside Validation (OBSOLETE) [RFC8749][RFC4431] */ }; static void cache_free(struct crec *crecp); @@ -1805,7 +1855,7 @@ char *record_source(unsigned int index) return ""; } -char *querystr(char *desc, unsigned short type) +static char *querystr(char *desc, unsigned short type) { unsigned int i; int len = 10; /* strlen("type=xxxxx") */ @@ -1893,7 +1943,7 @@ static char *edestr(int ede) } } -void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg) +void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg, unsigned short type) { char *source, *dest = arg; char *verb = "is"; @@ -1901,7 +1951,11 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg) if (!option_bool(OPT_LOG)) return; - + + /* build query type string if requested */ + if(type > 0) + arg = querystr(arg, type); + #ifdef HAVE_DNSSEC if ((flags & F_DNSSECOK) && option_bool(OPT_EXTRALOG)) extra = " (DNSSEC signed)"; diff --git a/src/dnsmasq.h b/src/dnsmasq.h index 8674823..56a3f1d 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h @@ -1245,9 +1245,8 @@ extern struct daemon { /* cache.c */ void cache_init(void); void next_uid(struct crec *crecp); -void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg); +void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg, unsigned short type); char *record_source(unsigned int index); -char *querystr(char *desc, unsigned short type); int cache_find_non_terminal(char *name, time_t now); struct crec *cache_find_by_addr(struct crec *crecp, union all_addr *addr, time_t now, diff --git a/src/dnssec.c b/src/dnssec.c index 153cac4..90818a6 100644 --- a/src/dnssec.c +++ b/src/dnssec.c @@ -954,9 +954,9 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch a.log.keytag = keytag; a.log.algo = algo; if (algo_digest_name(algo)) - log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu"); + log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu", 0); else - log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)"); + log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)", 0); } } } @@ -973,7 +973,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch return STAT_OK; } - log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY"); + log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY", 0); return STAT_BOGUS | failflags; } @@ -1012,7 +1012,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char if (STAT_ISEQUAL(rc, STAT_INSECURE)) { my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"), name); - log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS - not secure"); + log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS - not secure", 0); return STAT_BOGUS | DNSSEC_FAIL_INDET; } @@ -1025,7 +1025,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char from the DS's zone, and not the parent zone. */ if (STAT_ISEQUAL(rc, STAT_NEED_KEY) && hostname_isequal(name, keyname)) { - log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS"); + log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS", 0); return STAT_BOGUS; } @@ -1081,9 +1081,9 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char a.log.algo = algo; a.log.digest = digest; if (ds_digest_name(digest) && algo_digest_name(algo)) - log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu"); + log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu", 0); else - log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)"); + log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)", 0); } } @@ -1116,7 +1116,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char cache_end_insert(); - log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no DS/cut" : "no DS"); + log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no DS/cut" : "no DS", 0); } return STAT_OK; diff --git a/src/domain-match.c b/src/domain-match.c index f8e4796..0b0dcd9 100644 --- a/src/domain-match.c +++ b/src/domain-match.c @@ -393,7 +393,7 @@ size_t make_local_answer(int flags, int gotname, size_t size, struct dns_header union all_addr addr; if (flags & (F_NXDOMAIN | F_NOERR)) - log_query(flags | gotname | F_NEG | F_CONFIG | F_FORWARD, name, NULL, NULL); + log_query(flags | gotname | F_NEG | F_CONFIG | F_FORWARD, name, NULL, NULL, 0); setup_reply(header, flags, ede); @@ -412,7 +412,7 @@ size_t make_local_answer(int flags, int gotname, size_t size, struct dns_header header->ancount = htons(ntohs(header->ancount) + 1); add_resource_record(header, limit, &trunc, sizeof(struct dns_header), &p, daemon->local_ttl, NULL, T_A, C_IN, "4", &addr); - log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV6, name, (union all_addr *)&addr, NULL); + log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV6, name, (union all_addr *)&addr, NULL, 0); } if (flags & gotname & F_IPV6) @@ -427,7 +427,7 @@ size_t make_local_answer(int flags, int gotname, size_t size, struct dns_header header->ancount = htons(ntohs(header->ancount) + 1); add_resource_record(header, limit, &trunc, sizeof(struct dns_header), &p, daemon->local_ttl, NULL, T_AAAA, C_IN, "6", &addr); - log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV4, name, (union all_addr *)&addr, NULL); + log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV4, name, (union all_addr *)&addr, NULL, 0); } if (trunc) diff --git a/src/forward.c b/src/forward.c index 3d638e4..434ba77 100644 --- a/src/forward.c +++ b/src/forward.c @@ -119,12 +119,12 @@ static void set_outgoing_mark(struct frec *forward, int fd) } #endif -static void log_query_mysockaddr(unsigned int flags, char *name, union mysockaddr *addr, char *arg) +static void log_query_mysockaddr(unsigned int flags, char *name, union mysockaddr *addr, char *arg, unsigned short type) { if (addr->sa.sa_family == AF_INET) - log_query(flags | F_IPV4, name, (union all_addr *)&addr->in.sin_addr, arg); + log_query(flags | F_IPV4, name, (union all_addr *)&addr->in.sin_addr, arg, type); else - log_query(flags | F_IPV6, name, (union all_addr *)&addr->in6.sin6_addr, arg); + log_query(flags | F_IPV6, name, (union all_addr *)&addr->in6.sin6_addr, arg, type); } static void server_send(struct server *server, int fd, @@ -138,12 +138,13 @@ static void server_send(struct server *server, int fd, #ifdef HAVE_DNSSEC static void server_send_log(struct server *server, int fd, const void *header, size_t plen, int dumpflags, - unsigned int logflags, char *name, char *arg) + unsigned int logflags, char *name, char *arg, + unsigned short type) { #ifdef HAVE_DUMPFILE dump_packet(dumpflags, (void *)header, (size_t)plen, NULL, &server->addr); #endif - log_query_mysockaddr(logflags, name, &server->addr, arg); + log_query_mysockaddr(logflags, name, &server->addr, arg, type); server_send(server, fd, header, plen, 0); } #endif @@ -494,12 +495,12 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, if (!gotname) strcpy(daemon->namebuff, "query"); log_query_mysockaddr(F_SERVER | F_FORWARD, daemon->namebuff, - &srv->addr, NULL); + &srv->addr, NULL, 0); } #ifdef HAVE_DNSSEC else log_query_mysockaddr(F_NOEXTRA | F_DNSSEC, daemon->namebuff, &srv->addr, - querystr("dnssec-retry", (forward->flags & FREC_DNSKEY_QUERY) ? T_DNSKEY : T_DS)); + "dnssec-retry", (forward->flags & FREC_DNSKEY_QUERY) ? T_DNSKEY : T_DS); #endif srv->queries++; @@ -653,7 +654,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server union all_addr a; a.log.rcode = rcode; a.log.ede = ede; - log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL); + log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL, 0); return resize_packet(header, n, pheader, plen); } @@ -889,7 +890,7 @@ static void dnssec_validate(struct frec *forward, struct dns_header *header, #endif server_send_log(server, fd, header, nn, DUMP_SEC_QUERY, F_NOEXTRA | F_DNSSEC, daemon->keyname, - querystr("dnssec-query", STAT_ISEQUAL(status, STAT_NEED_KEY) ? T_DNSKEY : T_DS)); + "dnssec-query", STAT_ISEQUAL(status, STAT_NEED_KEY) ? T_DNSKEY : T_DS); server->queries++; } @@ -1136,7 +1137,7 @@ static void return_reply(time_t now, struct frec *forward, struct dns_header *he domain = daemon->namebuff; } - log_query(F_SECSTAT, domain, &a, result); + log_query(F_SECSTAT, domain, &a, result, 0); } } #endif @@ -1202,7 +1203,7 @@ static void return_reply(time_t now, struct frec *forward, struct dns_header *he { daemon->log_display_id = src->log_id; daemon->log_source_addr = &src->source; - log_query(F_UPSTREAM, "query", NULL, "duplicate"); + log_query(F_UPSTREAM, "query", NULL, "duplicate", 0); } } } @@ -1509,10 +1510,8 @@ void receive_query(struct listener *listen, time_t now) #ifdef HAVE_AUTH struct auth_zone *zone; #endif - char *types = querystr(auth_dns ? "auth" : "query", type); - log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff, - &source_addr, types); + &source_addr, auth_dns ? "auth" : "query", type); #ifdef HAVE_CONNTRACK is_single_query = 1; @@ -1808,7 +1807,7 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si daemon->log_display_id = ++daemon->log_id; log_query_mysockaddr(F_NOEXTRA | F_DNSSEC, keyname, &server->addr, - querystr("dnssec-query", STAT_ISEQUAL(new_status, STAT_NEED_KEY) ? T_DNSKEY : T_DS)); + "dnssec-query", STAT_ISEQUAL(new_status, STAT_NEED_KEY) ? T_DNSKEY : T_DS); new_status = tcp_key_recurse(now, new_status, new_header, m, class, name, keyname, server, have_mark, mark, keycount); @@ -1946,11 +1945,10 @@ unsigned char *tcp_request(int confd, time_t now, #ifdef HAVE_AUTH struct auth_zone *zone; #endif - char *types = querystr(auth_dns ? "auth" : "query", qtype); - + log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff, - &peer_addr, types); - + &peer_addr, auth_dns ? "auth" : "query", qtype); + #ifdef HAVE_CONNTRACK is_single_query = 1; #endif @@ -2089,7 +2087,7 @@ unsigned char *tcp_request(int confd, time_t now, /* get query name again for logging - may have been overwritten */ if (!(gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype))) strcpy(daemon->namebuff, "query"); - log_query_mysockaddr(F_SERVER | F_FORWARD, daemon->namebuff, &serv->addr, NULL); + log_query_mysockaddr(F_SERVER | F_FORWARD, daemon->namebuff, &serv->addr, NULL, 0); #ifdef HAVE_DNSSEC if (option_bool(OPT_DNSSEC_VALID) && !checking_disabled && (master->flags & SERV_DO_DNSSEC)) @@ -2121,7 +2119,7 @@ unsigned char *tcp_request(int confd, time_t now, domain = daemon->namebuff; } - log_query(F_SECSTAT, domain, &a, result); + log_query(F_SECSTAT, domain, &a, result, 0); } #endif diff --git a/src/rfc1035.c b/src/rfc1035.c index 6e195cc..3a7f3a5 100644 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -526,7 +526,7 @@ static int print_txt(struct dns_header *header, const size_t qlen, char *name, } *p3 = 0; - log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, (char*)p1); + log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, (char*)p1, 0); /* restore */ memmove(p1 + 1, p1, i); *p1 = len; @@ -643,7 +643,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t #endif if (aqtype == T_CNAME) - log_query(secflag | F_CNAME | F_FORWARD | F_UPSTREAM, name, NULL, NULL); + log_query(secflag | F_CNAME | F_FORWARD | F_UPSTREAM, name, NULL, NULL, 0); if (!extract_name(header, qlen, &p1, name, 1, 0)) return 0; @@ -661,10 +661,10 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t found = 1; if (!name_encoding) - log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, querystr(NULL, aqtype)); + log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, NULL, aqtype); else { - log_query(name_encoding | secflag | F_REVERSE | F_UPSTREAM, name, &addr, NULL); + log_query(name_encoding | secflag | F_REVERSE | F_UPSTREAM, name, &addr, NULL, 0); if (insert) cache_insert(name, &addr, C_IN, now, cttl, name_encoding | secflag | F_REVERSE); } @@ -691,7 +691,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t cache_insert(NULL, &addr, C_IN, now, ttl, flags); } - log_query(flags | F_UPSTREAM, name, &addr, NULL); + log_query(flags | F_UPSTREAM, name, &addr, NULL, 0); } } else @@ -762,7 +762,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t if (!cname_count--) return 0; /* looped CNAMES */ - log_query(secflag | F_CNAME | F_FORWARD | F_UPSTREAM, name, NULL, NULL); + log_query(secflag | F_CNAME | F_FORWARD | F_UPSTREAM, name, NULL, NULL, 0); if (insert) { @@ -797,7 +797,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t #ifdef HAVE_DNSSEC if (!option_bool(OPT_DNSSEC_VALID) || aqtype != T_RRSIG) #endif - log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, querystr(NULL, aqtype)); + log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, NULL, aqtype); } else if (!(flags & F_NXDOMAIN)) { @@ -847,7 +847,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t ipsets_cur = ipsets; while (*ipsets_cur) { - log_query((flags & (F_IPV4 | F_IPV6)) | F_IPSET, name, &addr, *ipsets_cur); + log_query((flags & (F_IPV4 | F_IPV6)) | F_IPSET, name, &addr, *ipsets_cur, 0); add_to_ipset(*ipsets_cur++, &addr, flags, 0); } } @@ -872,7 +872,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t return 0; } else - log_query(flags | F_FORWARD | secflag | F_UPSTREAM, name, &addr, querystr(NULL, aqtype)); + log_query(flags | F_FORWARD | secflag | F_UPSTREAM, name, &addr, NULL, aqtype); } p1 = endrr; @@ -891,7 +891,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t insert = 1; } - log_query(F_UPSTREAM | F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0), name, NULL, NULL); + log_query(F_UPSTREAM | F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0), name, NULL, NULL, 0); if (!searched_soa) { @@ -1089,7 +1089,7 @@ void setup_reply(struct dns_header *header, unsigned int flags, int ede) union all_addr a; a.log.rcode = REFUSED; a.log.ede = ede; - log_query(F_CONFIG | F_RCODE, "error", &a, NULL); + log_query(F_CONFIG | F_RCODE, "error", &a, NULL, 0); SET_RCODE(header, REFUSED); } } @@ -1459,7 +1459,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (qtype == T_CNAME) { if (!dryrun) - log_query(crecp->flags, name, NULL, record_source(crecp->uid)); + log_query(crecp->flags, name, NULL, record_source(crecp->uid), 0); auth = 0; nxdomain = 1; ans = 1; @@ -1481,7 +1481,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (!dryrun) { - log_query(crecp->flags, name, NULL, record_source(crecp->uid)); + log_query(crecp->flags, name, NULL, record_source(crecp->uid), 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, crec_ttl(crecp, now), &nameoffset, T_CNAME, C_IN, "d", cname_target)) @@ -1521,7 +1521,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, #endif if (ok) { - log_query(F_CONFIG | F_RRNAME, name, NULL, ""); + log_query(F_CONFIG | F_RRNAME, name, NULL, "", 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, ttl, NULL, T_TXT, t->class, "t", t->len, t->txt)) @@ -1543,7 +1543,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (!dryrun) { addr.log.rcode = NOTIMP; - log_query(F_CONFIG | F_RCODE, name, &addr, NULL); + log_query(F_CONFIG | F_RCODE, name, &addr, NULL, 0); } ans = 1, sec_data = 0; } @@ -1561,7 +1561,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, sec_data = 0; if (!dryrun) { - log_query(F_CONFIG | F_RRNAME, name, NULL, querystr(NULL, t->class)); + log_query(F_CONFIG | F_RRNAME, name, NULL, NULL, t->class); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL, t->class, C_IN, "t", t->len, t->txt)) @@ -1617,7 +1617,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, ans = 1; if (!dryrun) { - log_query(is_arpa | F_REVERSE | F_CONFIG, intr->name, &addr, NULL); + log_query(is_arpa | F_REVERSE | F_CONFIG, intr->name, &addr, NULL, 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL, T_PTR, C_IN, "d", intr->name)) @@ -1630,7 +1630,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, sec_data = 0; if (!dryrun) { - log_query(F_CONFIG | F_RRNAME, name, NULL, ""); + log_query(F_CONFIG | F_RRNAME, name, NULL, "", 0); for (ptr = daemon->ptr; ptr; ptr = ptr->next) if (hostname_isequal(name, ptr->name) && add_resource_record(header, limit, &trunc, nameoffset, &ansp, @@ -1665,7 +1665,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (crecp->flags & F_NXDOMAIN) nxdomain = 1; if (!dryrun) - log_query(crecp->flags & ~F_FORWARD, name, &addr, NULL); + log_query(crecp->flags & ~F_FORWARD, name, &addr, NULL, 0); } else { @@ -1674,7 +1674,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (!dryrun) { log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr, - record_source(crecp->uid)); + record_source(crecp->uid), 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, crec_ttl(crecp, now), NULL, @@ -1691,7 +1691,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, sec_data = 0; if (!dryrun) { - log_query(F_CONFIG | F_REVERSE | is_arpa, name, &addr, NULL); + log_query(F_CONFIG | F_REVERSE | is_arpa, name, &addr, NULL, 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL, @@ -1709,7 +1709,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, nxdomain = 1; if (!dryrun) log_query(F_CONFIG | F_REVERSE | is_arpa | F_NEG | F_NXDOMAIN, - name, &addr, NULL); + name, &addr, NULL, 0); } } @@ -1764,7 +1764,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (!dryrun) { gotit = 1; - log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL); + log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL, 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL, type, C_IN, type == T_A ? "4" : "6", &addrlist->addr)) @@ -1774,7 +1774,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, } if (!dryrun && !gotit) - log_query(F_FORWARD | F_CONFIG | flag | F_NEG, name, NULL, NULL); + log_query(F_FORWARD | F_CONFIG | flag | F_NEG, name, NULL, NULL, 0); continue; } @@ -1819,7 +1819,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (crecp->flags & F_NXDOMAIN) nxdomain = 1; if (!dryrun) - log_query(crecp->flags, name, NULL, NULL); + log_query(crecp->flags, name, NULL, NULL, 0); } else { @@ -1837,7 +1837,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (!dryrun) { log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr, - record_source(crecp->uid)); + record_source(crecp->uid), 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, crec_ttl(crecp, now), NULL, type, C_IN, @@ -1852,7 +1852,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, ans = 1, sec_data = 0; if (!dryrun) { - log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL); + log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL, 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL, type, C_IN, type == T_A ? "4" : "6", &addr)) anscount++; @@ -1871,7 +1871,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (!dryrun) { int offset; - log_query(F_CONFIG | F_RRNAME, name, NULL, ""); + log_query(F_CONFIG | F_RRNAME, name, NULL, "", 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, &offset, T_MX, C_IN, "sd", rec->weight, rec->target)) { @@ -1889,7 +1889,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, sec_data = 0; if (!dryrun) { - log_query(F_CONFIG | F_RRNAME, name, NULL, ""); + log_query(F_CONFIG | F_RRNAME, name, NULL, "", 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL, T_MX, C_IN, "sd", 1, option_bool(OPT_SELFMX) ? name : daemon->mxtarget)) @@ -1911,7 +1911,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (!dryrun) { int offset; - log_query(F_CONFIG | F_RRNAME, name, NULL, ""); + log_query(F_CONFIG | F_RRNAME, name, NULL, "", 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, &offset, T_SRV, C_IN, "sssd", rec->priority, rec->weight, rec->srvport, rec->target)) @@ -1962,12 +1962,12 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (crecp->flags & F_NXDOMAIN) nxdomain = 1; if (!dryrun) - log_query(crecp->flags, name, NULL, NULL); + log_query(crecp->flags, name, NULL, NULL, 0); } else if (!dryrun) { char *target = blockdata_retrieve(crecp->addr.srv.target, crecp->addr.srv.targetlen, NULL); - log_query(crecp->flags, name, NULL, 0); + log_query(crecp->flags, name, NULL, NULL, 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, crec_ttl(crecp, now), NULL, T_SRV, C_IN, "sssd", @@ -1983,7 +1983,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, ans = 1; sec_data = 0; if (!dryrun) - log_query(F_CONFIG | F_NEG, name, NULL, NULL); + log_query(F_CONFIG | F_NEG, name, NULL, NULL, 0); } } @@ -1997,7 +1997,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, sec_data = 0; if (!dryrun) { - log_query(F_CONFIG | F_RRNAME, name, NULL, ""); + log_query(F_CONFIG | F_RRNAME, name, NULL, "", 0); if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL, T_NAPTR, C_IN, "sszzzd", na->order, na->pref, na->flags, na->services, na->regexp, na->replace)) @@ -2014,7 +2014,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, ans = 1; sec_data = 0; if (!dryrun) - log_query(F_CONFIG | F_NEG, name, &addr, NULL); + log_query(F_CONFIG | F_NEG, name, &addr, NULL, 0); } }